Bangladesh Bank exposed to hackers by Second-hand $10 Routers and No Firewall

Investigators from the Forensic Training Institute of the Bangladesh investigated the $80 Million bank heist and discovered that the hackers managed to gain access to the network because the Bank was using second-hand $10 network switches without a Firewall to run its network.Bangladesh's central bank was vulnerable to hackers because it did not have a firewall and used second-hand, $10 switches to network computers connected to the SWIFT global payment network, an investigator into one of the world's biggest cyber heists said.

The shortcomings made it easier for hackers to break into the Bangladesh Bank system earlier this year and attempt to siphon off nearly $1 billion using the bank's SWIFT credentials, said Mohammad Shah Alam, head of the Forensic Training Institute of the Bangladesh police's criminal investigation department.

"It could be difficult to hack if there was a firewall," forensic investigator Mohammad Shah Alam told Reuters.The lack of sophisticated switches, which can cost several hundred dollars or more, also means it is difficult for investigators to figure out what the hackers did and where they might have been based, he added.

Experts in bank security said that the findings described by Alam were disturbing.

"You are talking about an organization that has access to billions of dollars and they are not taking even the most basic security precautions," said Jeff Wichman, a consultant with cyber firm Optiv.

Tom Kellermann, a former member of the World Bank security team, said that the security shortcomings described by Alam were "egregious," and that he believed there were "a handful" of central banks in developing countries that were equally insecure.

Kellermann, now chief executive of investment firm Strategic Cyber Ventures LLC, said that some banks fail to adequately protect their networks because they focus security budgets on physically defending their facilities.Cyber criminals broke into Bangladesh Bank's system and in early February tried to make fraudulent transfers totaling $951 million from its account at the Federal Reserve Bank of New York.

Most of the payments were blocked, but $81 million was routed to accounts in the Philippines and diverted to casinos there. Most of those funds remain missing.

The police believe that both the bank and SWIFT should take the blame for the oversight, Alam said in an interview.Bangladesh police have identified 20 foreigners involved in the heist but the police said the people appear to be those who received some of the payments rather than the hackers who initially stole the money.Though the investigators are still scratching their heads to identify the hackers with no clue, the incident is a good reminder for financial institutions across the global to tighten up the security of their systems.